CORS error from Okta

calling API but giving error

You can add the URL from your client to API > Trusted Origins and it might solve this issue.

I have added website url on API > Trusted Origins but same error is coming from Okta server. Is there any way to solve the current issue? I have added OKHttp lib for calling api and it does not give any such CORS issue but it gives error message along with session not valid.

It sounds like you’re trying to hit our API directly, rather than using one of our SDKs. Can you explain a bit more about your use case and the application you’re developing?

From back-end java side I am calling API to validate session is active or not. My use case is to know session active or not. I am not using any Okta SDK. Just normal way I am calling above API. It gives error like CORS error. I already set my domain on Okta admin pannel for CORS. But it gives me error.

Can you please tell me what is doing wrong? OR what I need to do?

Can you post some code snippet here?
And also a screenshot of the exact error you’re seeing.

If you look at the “get current session” API -, you will notice the following -

This operation requires a session cookie for the user. API token is not allowed for this operation.

Make sure that your session cookie is set (user is logged in) and don’t pass the API Token in your code.
If the session is invalid, a 404 Not Found response will be returned.

1 Like

try {

                String url = "";

                URL obj = new URL(url);
                HttpURLConnection conn = (HttpURLConnection) obj.openConnection();

                conn.setRequestProperty("Accept", "application/json");
                conn.setRequestProperty("Cookie", cookie); // set cookie

                OutputStreamWriter out = new OutputStreamWriter(conn.getOutputStream());

                int responseCode = conn.getResponseCode();
                if(responseCode==200) {
                    BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));
                    String line = "";
                    StringBuilder responseOutput = new StringBuilder();
                    while ((line = br.readLine()) != null) {
                    System.out.println("!!-- response=" + responseOutput.toString());
                    System.out.println("!!-- responseCode=" + responseCode);
            } catch (Exception e) {
                System.out.println("!!-- error=" + e.toString());

getting 400 response

I am calling API

Just to double check, are you replacing with your Okta organization?

yes. In my code I replaced with organization. For security purpose I hide this info. But not working till now.

What type of application are you building? Are you building an Okta integration (a custom chiclet or SSO app for example), or a project that uses the Okta API to handle login for your users?

We might be able to suggest a different way of checking the user’s session.

On my website I have added Okta login through SSO. Just I need to check logged in user session is active or not. If session is out then I need to send error message on API response … other wise I need to send data on API response. Send me the steps so that I can implement it.

I need to do it from server(Spring 4.3) not front end.

I wonder if you found a solution to this. We are also trying to call the get session api from the server side but it’s not working. We can call from client with success but that doesn’t fit our application.

Since your application domain would not match your Okta domain, browser would not send the Okta cookie to your server, so, I am wondering how you are doing a set cookie? Unless you have the Okta session cookie value on the server side, this call cannot be made from the server - it will have to be made from the client side. On the client side, browser will automatically pass the Okta cookie which will be used by Okta to identify the session is valid or not and provide details about the user.